COMMISSION STAFF WORKING PAPER IMPACT ASSESSMENT. Accompanying document to the. Proposal for a EUROPEAN PARLIAMENT AND COUNCIL DIRECTIVE

Transcription

1 EN EN EN

2 EUROPEAN COMMISSION Brussels, SEC(2011) 132 final COMMISSION STAFF WORKING PAPER IMPACT ASSESSMENT Accompanying document to the Proposal for a EUROPEAN PARLIAMENT AND COUNCIL DIRECTIVE on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime {COM(2011) 32 final} {SEC(2011) 133 final} EN EN

3 1. PROCEDURAL ISSUES AND CONSULTATION OF INTERESTED PARTIES Organisation and timing Consultation and expertise Impact Assessment Board PROBLEM DEFINITION Description of the problem Threat of terrorism and serious crime PNR and its uses Divergence between national PNR systems Types of carriers collecting PNR data EU right to act and subsidiarity principle How would the problem evolve, all things being equal? POLICY OBJECTIVES Objectives Respect of fundamental rights POLICY OPTIONS AND TRANSVERSAL ISSUES Policy options A. Refraining from addressing the issue at EU level Maintaining the status quo Transversal issues Geographical scope Data to be transmitted from the Passenger Information Units/Centralised Unit to the competent authorities Bodies receiving data from the Passenger Information Units ANALYSIS OF IMPACTS Impacts of the option of refraining from addressing the issue at the EU level Maintaining the status quo (Policy Option A) Impacts of the options addressing the structure for collecting and processing PNR data (Policy Option B) Decentralised collection and processing of data by Member States (Option B1) EN 2 EN

4 Centralised collection and processing of data at EU level (Option B2) Impacts of the options addressing the purpose limitation of the proposed measures (Policy Option C) Access for the prevention, detection, investigation and prosecution of terrorist offences and serious crime only (Option C1) Access for the prevention, detection, investigation and prosecution of terrorist offences and serious crime and other policy objectives (Option C2) Impacts of the options addressing the modes of transport to be covered by the proposed measures (Policy Option D) Air carriers only (Option D1) Air, sea and rail carriers (Option D2) COMPARING THE OPTIONS Summary table of the impacts of the policy options PREFERRED POLICY OPTION Analysis of the preferred policy option Costs of the preferred option MONITORING AND EVALUATION EN 3 EN

5 Impact Assessment on a common approach to the use of Passenger Name Record data 1. PROCEDURAL ISSUES AND CONSULTATION OF INTERESTED PARTIES 1.1. Organisation and timing Passenger Name Record (PNR) data are unverified information provided by the passengers and collected by carriers for their own commercial purposes. A European policy in this area was announced in the Commission Communication "Transfer of Air Passenger Name Record (PNR) Data: A global EU approach" in December The European Council in its Declaration on combating terrorism of March 2004 called on the European Commission to bring forward a proposal "for a common EU approach to the use of passengers' data for border and aviation security and other law enforcement purposes". Moreover, the Hague programme for called for a common EU approach to the use of passengers' data for law enforcement purposes. In this context, on 6 November 2007 the Commission adopted a proposal for a Council Framework Decision on the use of PNR data for law enforcement purposes 2 ('the 2007 proposal'). The proposal was accompanied by an Impact Assessment 3 ('the 2007 Impact Assessment') on which the Commission's Impact Assessment Board delivered a positive opinion on 5 September The proposal was extensively discussed in the Council working groups and the progress made in the discussions was endorsed by the JHA Councils in January, July and November of The discussions on the proposal in the working groups allowed consensus to be reached on most of the provisions of the proposal 5. Upon the entry into force of the Treaty of Lisbon on 1 December 2009, the Commission proposal not yet adopted by the Council 6 became obsolete. This was due to the change of the legal basis of the proposal and a change of the decision-making procedure from the consultation procedure to the co-decision procedure. 'The Stockholm Programme An open and secure Europe serving and protecting the citizens' 7 calls on the Commission to present a proposal for the use of PNR data to prevent, detect, investigate and prosecute terrorism and serious crime COM (2003) 826 final COM(2007) 654 SEC (2007) 1453 SEC(2007) 1457 Council Document 5618/2/09 REV 2 of The European Parliament adopted a resolution on the proposal on P6_TA (2008)0561 Council document of 2/12/ /09 EN 4 EN

6 1.2. Consultation and expertise For the purposes of the Impact Assessment accompanying the 2007 proposal, the Commission departments consulted all the relevant stakeholders on the basis of a questionnaire which was sent out in December Subsequently, the Commission invited the Member States to a meeting in Brussels on the 2 nd of February 2007, during which the representatives of the Member States had the opportunity to exchange their views. The questionnaire was sent to all the Member States, the data protection authorities of the Member States, the European Data Protection Supervisor (EDPS), the Association of European Airlines (AEA), the Air Transport Association of America (ATA), the International Air Carrier Association (IACA), the European Regions Airline Association (ERA) and the International Air Transport Association (IATA). The replies were summarised in the 2007 Impact Assessment which accompanied the 2007 proposal. Extensive discussions have also been held since 2003 with carriers, data protection authorities and border and law enforcement authorities during the negotiations for the agreements on the transfer of PNR data to the United States, Canada and Australia. The Article 29 Working Party issued a number of opinions on the use of PNR data in relation to international agreements 8. The implementation of the 2004 PNR agreement with the United States 9 was subject of a joint review by the Commission, assisted by national authorities, and United States. authorities in September The implementation of the 2007 PNR agreement with the United States 10 was also reviewed by the Commission, assisted by national authorities, and United States. authorities in February The PNR agreement with Canada 11 was also jointly reviewed in November Following the adoption of the Commission's 2007 proposal, all the relevant stakeholders published their positions on it. The position of the Member States is reflected in the latest version of the proposal which was discussed in the Council working groups in June The Member States in general agreed with the policy lines suggested by the Commission. In their contribution they suggested the exclusive use of the "push" method, the shortening of the data retention period, the clarification of the uses of PNR data and the adoption of a specific data protection framework for the proposal. A few Member States favoured extending the purpose so as to also cover irregular migration and border controls, while other Member States favoured an extension of the Opinion 1/2005 on the level of protection ensured in Canada for the transmission of Passenger Name Record and Advance Passenger Information from airlines, January 2005, Opinion 6/2004 on the implementation of the Commission decision of 14-V-2004 on the adequate protection of personal data contained in the Passenger Name Records of air passengers transferred to the United States Bureau of Customs and Border Protection, and of the Agreement between the European Community and the United States of America on the processing and transfer of PNR data by air carriers to the United States Department of Homeland Security, Bureau of Customs and Border Protection, June 2004, and others. OJ L 183/83, and OJ L 235/11, OJ L 204/16, OJ L 91, p.53, OJ L 91, p.49 and OJ L 82, p.15 Council Document 5618/2/09 REV 2 of EN 5 EN

7 geographical scope of the proposal in order to include intra-eu flights arguing that the necessity of processing PNR data did not change depending on whether a flight is internal or external. The main criticism expressed in the Resolution of the European Parliament was that the 'necessity' of the proposed actions had not been sufficiently demonstrated. It questioned whether the proposal met the standard for justifying an interference with the right to data protection. The Resolution expressed the Parliament's concern that the added value of the proposal in the light of other border initiatives had not been assessed. In terms of data protection the European Parliament called for a clear purpose limitation and a better justification of the retention period and stressed that sensitive data should be used only under certain conditions and that data should be transmitted using exclusively the "push" method. It further called for restrictions of onward transfers to third countries, while stressing that only specific authorities should have access to PNR data. Finally the European Parliament expressed concerns that the proposed method of automatically assessing PNR data on the basis of fact-based assessment criteria was a very wide use of the data and recalled that such assessment should never result in "profiling" on the basis of sensitive data. The Article 29 Data Protection Working Party adopted an opinion on the proposal on It considered that the proposal was disproportionate and that it might violate the right to data protection. It called into question the data protection regime as the Framework Decision 2008/977/JHA does not cover domestic processing of data. It considered that the justification for the necessity of the proposal was inadequate, that the data retention period was disproportionate and that only the "push" method of transmission of data should be used. The European Data Protection Supervisor (EDPS) also issued an opinion on the proposal 14. This opinion questioned whether the "necessity" and "proportionality" of the proposal had been demonstrated since the proposal concerned a very wide collection of data of innocent people. The EDPS criticised the proposal as leading towards a "surveillance society" and called into question the data protection regime as domestic processing of data is not covered by the Framework Decision 2008/997/JHA. The EDPS specifically suggested to better defining the authorities which would have access to PNR data and the conditions for transferring data to third countries The Fundamental Rights Agency issued an opinion on the proposal after being requested to do so by the French Presidency of the Council 15. It was also of the opinion that the "necessity" and "proportionality" of the proposal had not been demonstrated and it considered that there should be more guarantees in the proposal so as to avoid profiling on the basis of sensitive data. Some airline associations, namely the International Air Transport Association (IATA) and the European Airlines Associations (EAA) issued opinions on the proposal. These associations mainly criticised the decentralised structure of the proposal and stressed that a centralised collection of the data would have financial advantages to the carriers. They also criticised the Opinion number 145 of OJ C 110, EN 6 EN

8 choice of the "push" method and called for the choice of transmission method to be left to the carriers. Even though the 2007 Impact Assessment received a positive opinion from the Impact Assessment Board and the Commission considered that a legislative proposal was necessary, it was deemed preferable to nevertheless carry out a new Impact Assessment. The present Impact Assessment therefore aims to answer criticism raised by the above mentioned stakeholders. It also aims to include all the new facts and experience gained since 2007 and to analyse the issues in an updated way The Impact Assessment and any subsequent legislative proposal should reflect the latest positions resulting from the discussions in the Council working parties, the resolution of the European Parliament, the opinions of other relevant bodies, and new information gathered since The purpose of this report is to examine the possibility of adopting a new proposal to replace the 2007 proposal on the basis of the TFEU. It aims to assess whether there is a need for a proposal at European Union level to set up a coherent legal framework on the obligation of carriers to transmit PNR data to the relevant competent authorities for the purpose of prevention, detection, investigation and prosecution of terrorist offences and serious crime, whilst ensuring a high level of protection of personal data throughout the Union. An inter-service group was setup to steer the Impact Assessment work. The steering group consisted of officials from DG HOME, DG JUST, DG RELEX, DG MOVE, SJ and SG. It met on and to discuss the issues arising from the Impact Assessment and further comments were provided in writing Impact Assessment Board On 10 September 2010, the Commission's Impact Assessment Board delivered an opinion on a preliminary version of this Impact Assessment report. In the opinion, the Board stated that the Impact Assessment report provides a sound basis for action. It recommended that the report should provide additional information on the following issues: Further illustrate, through examples, that PNR data are an effective tool for combating terrorism and serious crime; Further clarify the rationale for the geographical scope of the initiative; Further discuss the different ranges of data retention periods, the optimal duration of the transition period from 'pull' to 'push', presentation of the position of the Member States and the possibility of voluntary cooperation between Member States as a means of achieving the objectives of the initiative; and Further clarify the costs for carriers, public authorities and passengers. The present version of the Impact Assessment report has been redrafted to take account of those recommendations. Additional information and modifications have thus been introduced to this end in many of its sections. EN 7 EN

9 2. PROBLEM DEFINITION 2.1. Description of the problem Threat of terrorism and serious crime Over the last decade the European Union and other parts of the world have experienced a further spread of cross-border crime. Trafficking in human beings and drugs constitute a very serious threat to European society and influence the societal and economic structure of every day life. These crimes are showing a steady increase in the EU 16. Drug trafficking has risen by between 3% and 24% per year in the EU over the last 8 years, while violent crime has risen annually between 2% and8% in the same period. Facilitation of irregular immigration, smuggling of currency and illegal goods are also serious problems with cross-border elements. According to the EU Source book, there were criminal offences per population in the EU Member States in 2007 (excluding Italy and Portugal for which data were not made available), ranging from offences in Sweden to 958 in Cyprus. Serious crime and terrorist offences cause severe harm to victims, inflict economic damage on a large scale and undermine the sense of security without which persons cannot exercise their freedom and individual rights effectively. A study published in for the International Labour Organisation estimated that the cost of coercion from underpayment of wages resulting from trafficking in human beings in 2007 in industrialised economies was $ , while the total for the world were $ The 2010 Annual report on the state of the drugs problem in Europe of the European Monitoring Centre for Drugs and Drug Addiction acknowledges the global nature of the drugs problem and the growing and severe drug-related problems. By undermining social development and feeding corruption and organised crime they represent a real threat for the European Union. In Europe we have annual seizures of about tonnes of the cannabis and about cocaine-related deaths annually. The number of problem opioid users in Europe is cautiously estimated at 1.35 million. As regards the economic and social impacts of drugs, in 2008, 22 EU Member States reported a total labelled expenditure on the drugs problem of EUR 4.2 billion. Another study of the UK Home Office The economic and social costs of crime against individuals and households 2003/04 measured the costs incurred in anticipation of crime, such as defensive expenditure, the costs as a consequence of crime, like the physical and emotional impact on the victim and the value of any property stolen and the costs incurred in response to crime, including the costs to the criminal justice system. These costs were measured at in Eurostat 36/2009 Measuring the costs of coercion to workers in forced labour-alexandra Vinogradova, Michaelle De Cock, Patrick Belser EN 8 EN

10 In the meantime, four out of five Europeans wish to see stronger action at EU level against organised crime and terrorism 18. Europol's EU Organised Crime Threat Assessment 2009 (OCTA 2009) found that most of organised crime threats have an international dimension, with criminal groups trying to traffic and smuggle people, drugs and other illicit goods into the EU. The OCTA 2009 established that, in the majority of cases, the most serious organised crime threats involve international travel. Trafficking in human beings and facilitation of irregular immigration involves third country nationals being trafficked into the EU. In addition, most drugs trafficking also involve international travel, with large quantities of drugs being smuggled into the EU every day. Intelligence has further indicated that, due to the increasing access that law enforcement authorities have to e-communications, terrorists and criminals tend to prefer to travel and meet to discuss their business rather than communicate long-distance. It is therefore becoming increasingly important to obtain as much information as possible about the travel of such persons. Because of the transnational and organised nature of these serious crimes, it is important to ensure close cooperation of law enforcement authorities within the EU. Terrorism currently constitutes one of the greatest threats to security, peace, stability, democracy and fundamental rights. The threat of terrorism is not restricted to specific geographical zones. Terrorists and terrorist organisations can be found both inside and outside the borders of the EU and have shown their capability to carry out attacks and acts of violence against any country. Europol's "EU Terrorism Situation and Trend Report 2010", despite finding that terrorism has decreased in the EU during 2009, stressed that the threat remains real and serious. Most terrorist campaigns have a transnational character with either the involvement of either transnational contacts or travel to attend training camps outside the EU. The terrorist attacks in the United States in 2001, the aborted terrorist attack in August 2006 aimed at blowing up a number of aircraft on their way from the United Kingdom to the United States, and the attempted terrorist attack on board a flight from Amsterdam to Detroit in December 2009 showed the ability of terrorists to mount attacks, targeting international flights, in any country PNR data and their uses There are some types of data traditionally collected specifically for law enforcement purposes, such as fingerprints and DNA. In executing its mandate to enhance police cooperation, the EU acts in order to streamline the sharing between Member States of such data and other information that might be necessary for criminal investigations or criminal intelligence operations 19. There are other types of data that are initially collected by Member States for non-law enforcement purposes, for example, data on immigration, asylum, vehicle registration and citizenship, but to which law enforcement authorities are given access for the performance of their tasks. A third category is privately-held or privately-collected (as opposed to the aforementioned publicly-held) data. Access by law enforcement to such data is regulated differently in Member States Standard Eurobarometer 71. Council Framework Decision 2006/960/JHA EN 9 EN

11 depending on the type of data and their function. Passenger information such as PNR data are one type of such privately-collected and privately-held data. PNR data is unverified information provided by passengers, and collected by and held in the carriers reservation and departure control systems. It contains several different types of information, such as travel dates, travel itinerary, ticket information, contact details, travel agent at which the flight was booked, means of payment used, seat number and baggage information. The PNR data of a certain passenger usually do not contain all potential PNR elements 20, but only those actually provided by the passenger at the time of reservation and information given upon check-in and boarding. PNR data are traditionally collected by air carriers. It should be noted that most non-air carriers usually do not collect such data. PNR data are different from and should not be confused with Advance Passenger Information (API) data. API data are biographical information taken from the machine-readable part of a passport and contain the name, place of birth, nationality of a person, passport number and expiry date. API data are mainly used for carrying out border checks in advance of a person's arrival or departure. Although in some cases the data are also used by law enforcement authorities in order to identify suspects and persons sought, they are mainly used as a border management tool. API data are used systematically in more than 30 countries around the world 21. In the EU, the use of API data is regulated by the API Directive 22. The Directive provides that API data should be made available to border control authorities, at the request of each Member State, for flights entering the territory of the EU for the purpose of improving border controls and combating irregular immigration. Even though their use for law enforcement purposes is permitted by the Directive, this is possible only in limited circumstances. PNR data are mainly used as a criminal intelligence tool, in particular for assessment, rather than as an identity verification tool. The uses of PNR are unique and are mainly the following: (i) PNR data make it possible to carry out a pre-arrival and pre-departure assessment of all passengers on the basis of fact-based assessment criteria 23 in advance of the arrival or departure of passengers; this allows authorities to focus on those passengers who fit into the fact-based assessment criteria but who were previously unsuspected, rather than subjecting all passengers to an extensive assessment by border guards, (ii) PNR data can be made available well in advance of a flight's arrival or departure, and hence provide authorities with more time for processing, analysing and potentially taking action, The list of all possible PNR elements has been adopted by ICAO in its Guidelines for the use of PNR data of 2005 Some examples include Australia, Brazil, Canada China, Cuba, India, Japan, Mexico, Unites States and several other countries- information sourced from IATA Directive 2004/82/EC of "fact-based risk indicators" are rules established by law enforcement authorities through the analysis of past PNR data and other relevant intelligence. They are usually the result of trend analysis and aim to set out rules for carrying out the automated risk assessment of passengers. They could relate to ways of travel behaviour, travel routes etc. EN 10 EN

12 (iii) it is possible to match PNR data against databases with specific addresses, telephone numbers, credit cards connected to criminal offences and establish to whom such data belong, and (iv) by matching PNR data of persons known to law enforcement authorities against the PNR data of persons unknown to such authorities, it is possible to identify associates of suspects assisting in the preparation and execution of a crime. For several years this is how PNR data have been used, mainly by customs and law enforcement authorities around the world. However,, it was until recently not technically possible for the authorities of a country to access such data electronically and in advance of the flight, so they were only processed manually and only in relation to a limited number of flights. Technological advances have since made the advance electronic transfer, analysis (and subsequent retention) of such data possible. To address the threat of serious crime and terrorism, law enforcement authorities may use PNR data in several ways: re-actively: use of the data in investigations, prosecutions, unravelling of networks after a crime has been committed. In order to allow law enforcement authorities to go back sufficiently in time, a commensurate period of retention by law enforcement authorities is necessary. in real time: use of the data prior to the arrival or departure of passengers in order to prevent a crime, watch or arrest persons before a crime has been committed or because a crime has been or is being committed. In such cases PNR data are especially useful for running such data against predetermined assessment criteria in order to identify persons that were previously "unknown" to law enforcement authorities and for running the data against various databases of persons and objects sought. pro-actively: use of the data for analysis and creation of assessment criteria, which can then be used for a pre-arrival and pre-departure assessment of passengers. In order to carry out such an analysis of relevance for the prevention, detection, investigation and prosecution of terrorist offences and serious crime, a commensurate period of retention of the data by law enforcement authorities is necessary in such cases. It is necessary to impose those legal obligations on air carriers for the following reasons: First, PNR data enable law enforcement authorities to identify persons, who were previously "unknown", i.e. persons previously unsuspected of involvement in serious crime and terrorism, but whom an analysis of the data suggests may be involved in such crime and who should therefore be subject to further examination by the competent authorities. Identifying such persons helps law enforcement authorities prevent and detect serious crimes including acts of terrorism. To achieve this, law enforcement authorities need to use PNR data both in real-time to run PNR against predetermined assessment criteria which indicate which previously unknown persons require further examination and pro-actively for analysis and creation of assessment criteria. EN 11 EN

13 For example, an analysis of PNR data may give indications on the most usual travel routes for trafficking people or drugs which can be made part of assessment criteria. By checking PNR data in real-time against such criteria, crimes may be prevented or detected. A concrete example given by a Member State on trafficking in human beings is a case where PNR analysis uncovered a group of human traffickers always travelling on the same route. Using fake documents to check in for an intra-eu flight, they would use authentic papers to simultaneously check in for another flight bound for a third country. Once in the airport lounge, they would board the intra-eu flight. Without PNR it would have been impossible to unravel this human trafficking network. The combined pro-active and real-time use of PNR data thus enable law enforcement authorities to address the threat of serious crime and terrorism from a different perspective than through the processing of other categories of personal data: as explained further below, the processing of personal data available to law enforcement authorities through existing and planned EU-level measures such as the Directive on Advance Passenger Information, 24 the Schengen Information System (SIS) and the second-generation Schengen Information System (SIS II) do not enable law enforcement authorities to identify 'unknown' suspects in the way that the analysis of PNR data does. Second, PNR data help law enforcement authorities prevent, detect, investigate and prosecute serious crimes, including acts of terrorism, after a crime has been committed. To achieve this, law enforcement authorities need to use PNR data in real-time to run the PNR data against various databases of 'known' persons and objects sought. They also need to use PNR data in a re-active manner to construct evidence and, where relevant, to find associates of criminals and unravel criminal networks. For example, the credit card information which is part of the PNR data may enable law enforcement authorities to identify and prove links between a person and a known criminal or criminal organisation. An example given by a Member State relates to a large scale human and drug trafficking involving a Member State and third countries. Cartels were importing drugs to several destinations in Europe. They were using drugs swallowers who were themselves trafficked persons. They were identified on the basis of having bought the ticket with stolen credit cards on the basis of PNR. This lead to arrests in the Member State. On this basis, an assessment criterion was created which itself led to several arrests in other Member States and third countries. Finally, the use of PNR data prior to arrival allows law enforcement authorities to conduct an assessment and perform a closer screening only of persons who are most likely, based on objective assessment criteria and previous experience, to pose a threat to security. This facilitates the travel of all other passengers and reduces the risk of passengers being subjected to screening on the basis of unlawful criteria such as nationality or skin colour which may wrongly be associated with security risks by law enforcement authorities, including customs and border guards. 24 Directive 2004/82/EC of 29 August EN 12 EN

14 The value of using PNR data in this context is confirmed by information from third countries and Member States that already use PNR data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime. The experience of those countries shows that the use of PNR data has led to critical progress in the fight against crime, in particular, drugs and human trafficking and the fight against terrorism, and a better understanding of terrorist and other criminal groups through the gathering of intelligence on their travel patterns. The "European Union Strategy for Combating Radicalisation and Recruitment to Terrorism" notes, for example, the importance of identifying persons who travel to conflict zones in order to prevent terrorist training, build intelligence about terrorists and criminals and identify behaviour patterns of such persons. Even though PNR data are passenger data linked to travel, they are mainly used as a criminal intelligence tool rather than as border control tool. They are used in advance of a border crossing and not at the border crossing itself. Their main aim is to fight terrorism and serious crime rather than fight irregular immigration and facilitate border controls. The Commission adopted on a Communication on the Overview of information management in the area of freedom, security and justice 25 the purpose of which was to provide a full overview of EUlevel measures in place, under implementation or consideration regulating the collection, storage or cross-border exchange of personal information for the purpose of law enforcement or migration management. This Communication noted that the Schengen Information System (SIS) 26 the second-generation Schengen Information System (SIS II) 27, the Visa Information System (VIS) 28, and the anticipated Entry/Exit System and Registered Travellers Programme 29 are EU measures that deal directly with actions taking place physically at the borders. The proposal will neither change nor interfere with current EU rules on the way border controls are carried out or with the EU rules regulating entry and exit from the territory of the Union. The proposal will rather co-exist with and leave those rules intact. PNR data are also useful for other policy purposes. For example, they are useful for immigration purposes to find persons who have exceeded their permitted stay on a visa by providing a record of when a person enters the EU. In aviation security, PNR data could be used to prevent persons who might pose a threat to the security of the aircraft from boarding, through the implementation/establishment of 'no-fly lists'. In relation to health safety, if a passenger is found to be suffering from a highly contagious disease, PNR data could be used to quickly inform passengers on the same flight, in particular those who sat in the immediate surroundings of that passenger COM (2010)385, Convention implementing the Schengen Agreement of 14 June 1985 between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic on the gradual abolition of checks at their common borders, OJ L 239, , p. 19. Regulation (EC) No 1987/2006, Decision 2007/533/JHA, Regulation (EC) No 1986/2006. Council Decision 2004/512/EC, Regulation (EC) No 767/2008, Council Decision 2008/633/JHA. See also Declaration on combating terrorism, European Council, [ ]. EN 13 EN

15 Divergence between national PNR systems Even though only a limited number of Member States have set up a PNR system to date, most Member States use PNR data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime in a non-systematic way or under general powers granted to the police or other authorities. Within the EU, the United Kingdom already has a PNR system, while France, Denmark, Belgium, Sweden and the Netherlands have either enacted relevant legislation and/or are currently testing using PNR data. Several other Member States are considering setting up PNR systems, but they are waiting for a proposal from the Commission which will enable them to obtain the full benefits of using PNR. An analysis of the national legislation of the United Kingdom, France and Denmark 30 indicates that their provisions diverge and can be summarised as follows: The United Kingdom provides for the use of PNR data in the fight against terrorism, all crimes and irregular immigration. PNR data will be required from all flights, including intra-eu and domestic flights. The retention period would be 5 years in an active database and 5 years in archives. PNR data will be required from air, sea and rail carriers to the extent that such data exists. French legislation provides for the use of PNR data in the fight against terrorism and irregular immigration but not for other crimes. PNR data will be required from all flights, including intra-eu and even domestic flights. The retention period is 24 hours for immigration purposes and 5 years for terrorism purposes in an active database. PNR data will be required from air, sea and rail carriers to the extent that it exists. Danish Legislation provides for the use of PNR data only in the fight against terrorism and crimes against the State. The proposed retention period is 1 year and covers only air travel. It does not propose a system of transmission of PNR data but a system of retention of the data by the air carriers while giving direct access to such data to some law enforcement agencies. Informal talks with Denmark indicated that they are considering amending their legislation because the system of retention of the data by the air carriers is thought to be ineffective. These provisions indicate that there are divergences with regards to the purpose of the system, the period of retention, the structure of the system, the geographical scope and the modes of transport which are covered. It is also likely that once the complete regulatory framework for the use of PNR data in these Member States is adopted, they will diverge, for instance, on data protection rules, the use of sensitive data, rights of access and judicial redress, the role of supervisory authorities and the range of authorities having access to the data. It is also expected that there will be divergences on the measures taken to safeguard the security of the transmission of the data, i.e. different transmission protocols and message formats. 30 For the United Kingdom, the Immigration, Asylum and Nationality Act 2006 For Denmark, the Air Navigation Act For France, Article 7 Division IV et V - art. 8 de la loi n du 6 janvier 1978 EN 14 EN

16 As more Member States are preparing their own PNR legislation, this might lead to the creation of up to 27 considerably diverging systems. This could result in uneven levels of data protection across the Union, security gaps, increased costs and legal uncertainty for carriers. This could lead to distortions in the internal market Agreements with third countries The first country that recognised and made use of PNR data in a systematic electronic way was the United States, which, after the terrorist attacks of 9/11, proceeded immediately with the introduction of PNR data legislation. Since then, more countries have followed and passed similar legislation, namely Australia, Canada and New Zealand and more recently Japan and South Korea. Various other countries are also currently working towards such legislation. The EU has signed agreements for the transfer of PNR data with the United States 31, Canada 32 and Australia 33. These Agreements regulate the transfer of PNR data by carriers operating flights between the EU and these countries for the purpose of the fight against terrorism and transnational serious crime. They also list a series of safeguards that the third country must respect when handling personal data of passengers whose PNR data are transmitted under the Agreements. The Agreements do not deal with transfers of PNR data for flights by carriers to the EU or the authorities of Member States' as the EU does not yet have a PNR system in place. The Agreements only provide, in terms of reciprocity, that the authorities of the third countries share some analytical information with the Member States' authorities. If the EU had a PNR system, the reciprocity element of such Agreements would be implemented more thoroughly. The Commitments on which the PNR Agreement with Canada was based have expired in 2009 and therefore the Agreement needs to be renegotiated. The Agreements with the United States and Australia are only provisional and have not yet been officially concluded by the EU. Upon the entry into force of the Treaty of Lisbon, the European Parliament proposed that both these Agreements should be renegotiated as they do not provide for adequate protection of personal data. Therefore, the Commission requested that the Council provides it with negotiating directives to enter into new agreements with the United States 34 and Australia 35. The Commission also recommended that the Council provide it with negotiating directives to enter into a new agreement with Canada 36 as well. The Council adopted the relevant Decisions on 2 December Other countries, notably Japan and South Korea have also requested to negotiate such agreements. Through the experience gained by the countries that already use PNR data, the Member States have come to appreciate the full value of PNR data in the fight against terrorism and other serious crime OJ L 204/16, OJ L 91, p.53, OJ L 91, p.49 and OJ L 82, p.15 OJ L 213, , p.49 SEC(2010)1082, SEC(2010)1083, SEC(2010)1084, EN 15 EN

17 Types of carriers collecting PNR data Currently only air carriers collect PNR data. Sea and rail carriers do not collect such data, with some exceptions. For example, some rail and sea carriers collect PNR-like data for instance the Eurostar. and Thalys collect some data when the reservation is made online and cruise ships collect some PNR-like data as well. On the other hand, ferries and trains other than the Thalys and the Eurostar do not have computerised reservation systems which are similar to those of air carriers. The collection of PNR data by carriers should also be considered against the background of increasing passenger flows. According to the data provided by the Member States, there were 767 million external border crossings in 2007 and 714 million in It should be noted that the data are not fully comparable because the Schengen enlargement in 2007 (land borders) and 2008 (air borders) 37 shifted the physical location of the Schengen external border and affected the number of external border-crossing points. Furthermore, Member States do not record such movements in a consistent manner, so rates are based mainly on estimations. However, based on discussion with Member States it can be assumed that border-crossings at the largest and busiest points have been increasing and will continue doing so in the future 38. In addition, the total number of travellers differs a lot between Member States with some Member States recording over three million travellers crossing the borders in a one week period and others recording below travellers. As regards the number of flight movements and passengers affected by the possible introduction of PNR measures, air carriers carried approximately passengers on flights going in and out of the EU-27 in With an annual rate of increase of these flights of 7.7% 40, the number of flights going in and out of the EU-27 in 2010 was EU right to act and subsidiarity principle The right of the EU to act in this field is enshrined in Articles 82 and 87 of Title V of Chapter V of the Treaty on the Functioning of the European Union (TFEU). As the threat from terrorism and cross-border serious crime remains significant, it is important to provide law enforcement authorities with new effective tools with which to perform their tasks. As most of the categories of serious crimes, like drugs and human trafficking, often involve international travel, it is essential that authorities collect, process and exchange PNR data to increase the internal security of the EU. Moreover investigations for the purpose of preventing, detecting, investigating and prosecuting terrorist offences and serious crimes carried out by the The Czech Republic, Estonia, Hungary, Latvia, Lithuania, Malta, Poland, Slovakia and Slovenia joined the Schengen area in 2007 (air borders were lifted in 2008). See also the World Trade Organisation (WTO) forecast: Tourism 2020 vision, and the travel forecast of Office of Travel and Tourism Industries (OTTI), Figures according to Eurocontrol on the basis of CFMU IFR Flights Eurocontrol Annual Report 2009 EN 16 EN

18 competent authorities of the Member States are largely dependent on international cross-border cooperation. Because of the free movement of persons in the Schengen area, it is necessary for all Member States to collect, process and exchange PNR data, in order to avoid security gaps due to criminals diverting their planned journeys through Member States not collecting PNR data. By acting collectively and coherently this measure will have a substantial impact on the security of the EU. If Member States are left to legislate independently on issues such as data retention periods, use of sensitive data, purpose limitation, push/pull methods and onwards transfers to third countries, safeguards might diverge. Action at EU level will help to ensure harmonised provision on safeguarding data protection throughout the Union. A further reason why EU action would be more appropriate is that differences between national requirements adopted in Member States that have already established similar mechanisms or which will do so in the future, may impact negatively on the air carriers as they may have to comply with several potentially diverging requirements. Different standards regarding the method of transfer of data, the messaging format, the data security mechanisms, the frequency of transmissions etc, would be very costly for carriers operating in different Member States to implement. On the basis of the above, it can be concluded that the EU is both entitled to act and better placed to do so than the Member States acting independently. Such an action should not go beyond what is necessary to achieve its objectives How would the problem evolve, all things being equal? Without action at EU level, it is likely that several Member States will implement their own domestic PNR systems. This would mean that the full benefits offered to develop the fight against terrorism and serious crime to increase internal security of the Union, by cooperating on PNR data collection, would not be attained. This would also mean that the Union might end up with various diverging PNR systems leading to negative effects on the internal security of the Union, by the potential creation of serious security gaps. The development of different and diverging PNR systems in the Union could also have an adverse effect on the level of protection of personal data afforded to passengers, since the standard of data protection in the Member States may vary, despite respecting the general European standards. As more and more Member States adopt national legislation for the use of PNR data and as more and more third countries request such transmission from carriers, it is important to ensure uniform and high level protection of personal data when processing PNR data. Sufficient safeguards should be provided to ensure that passengers have access to enforce their rights. The Article 29 Data Protection Working Party, despite opposing the use of PNR data, strongly prefers a European instrument with robust data protection guarantees to various national systems with diverging data protection standards. In addition, diverging PNR systems in the Union would create difficulties for carriers having to comply with a number of different systems, and the national authorities would have to develop EN 17 EN

19 systems to be able to receive and transmit data in potentially many different ways. For this reason, the carrier associations which were consulted for the purposes of this report were strongly in favour of harmonising the use of PNR data at EU level. Another aspect to be taken into account is that the number of travellers continues to increase. This, together with additional border and security controls, has started creating problems of managing the flows of passengers efficiently. This problem is expected to worsen as the number of passengers increase. The collection and use of PNR data will contribute towards managing this problem more efficiently. The possibility of performing border and security controls of a passenger's PNR data before he or she actually arrives in the country of destination will make it possible to clear non-identified travellers and subject them only to minimum controls at the border. 3. POLICY OBJECTIVES 3.1. Objectives One of the fundamental goals of the Union is the development of a genuine European area of justice, freedom and security. Such an area aims to ensure that the fundamental rights of individuals living in the EU, such as the right to life, physical integrity and the protection of personal data and privacy, are guaranteed. The general objective is therefore to increase the internal security of the EU, while respecting the right to protection of personal data and other fundamental rights. This is in line with the Stockholm Programme, which calls on the Commission to present a proposal for the use of PNR data to prevent, detect, investigate and prosecute terrorism and other serious crime. This general objective translates into the following specific policy objectives: (1) To prevent and reduce terrorist activities and other serious crime through a global approach to the use of PNR data avoiding security gaps. At operational level, the objective would be to collect and process PNR data in an electronic format in order to benefit fully from the advantages offered by modern technologies for such use. (2) To ensure that individuals' right to the protection of personal data is duly respected when PNR data are collected and processed. At operational level, the objectives is to facilitate the exchange of PNR data among responsible authorities and to ensure that access to PNR data is limited to what is necessary for the pre-defined purpose(s). (3) To provide legal certainty to and reduce costs for carriers. There are two operational objectives, to reduce differences in legal and technical requirements imposed on carriers and to avoid distortion of the internal market due to diverging legal requirements. EN 18 EN